[dokuwiki] how much of a risk is xmlrpc over http?

  • From: andy baxter <andy@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 13 Apr 2011 08:22:37 +0100

Hi,

I've been setting up xmlrpc and the sync plugin for my personal website, so that I can maintain a local version on my laptop which I can sync up to the web when I'm finished editing. The plugin looks like being very useful, but I need to know about the security issues of using xmlrpc over http.

My webspace provider charges extra for https access, so I would like to avoid using this, but I am concerned that according to the xmlrpc docs, it is a security risk to use this over http. (At the moment I am enabling xmlrpc while doing a sync and then disabling it afterwards, but it would be nice to be able to leave it open.)

Could you let me know a bit more about what the risks are; for example how much more of a risk is it to use xmlrpc over http than just to do a standard site login over http?

Thanks,

andy baxter

http://highfellow.org
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
